Have I Reached ‘Hacked Elite Status’ Yet?

Violent crime in the United States has drastically fallen during the past 25 years, according to an annual report compiled by the Federal Bureau of Investigation. The FBI studied more than 18,500 jurisdictions around the country and when you do the math, it shows that the violent crime rate fell 51% between 1993 and 2018.

Of course, if you live in a larger metropolitan area like St. Louis, Mo., Baltimore, Md., or Chicago, Ill., you might have the perception that the crime rate feels like it has actually gone up. And your feelings might be justified, especially if you compare your crime rates to those in areas like Alaska and Maine.

Where I live, I have automatic motion-detector security lights that come on in the front yard and a security system. I keep all the doors locked and garage doors closed even when I’m home, and to top it off, I have a high-strung dog who barks when car doors close down the street. If a UPS delivery comes or people approach the front door to ask me about my religious beliefs, Olive puts all of her nine pounds into a full freak out. I feel pretty good with the proactive steps I’ve taken.

As I’ve written about before, I take very similar security steps when it comes to my credit card and credit union accounts. So why does it feel like I’m an easy hacking target?

In the past 10 years, I’ve had my credit union and bank accounts hacked six times. Full disclosure, the first time was at my bank in Madison, Wis., and soon after that I shut down the entire account because the process that followed was disastrous and the amount stolen was terrifying. The second, third, fourth and fifth times were at my credit union, also in Madison.

To close out National Cybersecurity Awareness Month this October, my sixth hack came through my credit union account in Austin, Texas.

I feel like hackers should get me a “Thank You for Your Business” gift at this point. A card would be nice. I’ll even write it for them:

“Dearest Cybersucker,

I know you might feel angry or mad.

But just know that your money is not being used for good …

… it’s being used for bad.

We needed your money to buy expensive shirts and shoes.

The dark web doesn’t see faces, but we know that you’re blue.

Cheer up while you reset your passwords and open new accounts.

And please don’t fret when your auto-payments bounce.

Your credit union will cover the costs.

Until we meet again, remember all is not lost.

Well, actually it is, but you get the idea.

Thank you for your business and for your ID-a.

Deepest non-sympathies from anywhere in the world,

Your Hacker.”

I feel like no matter where I live, I exist in a high-cybercrime neighborhood.

Earlier this summer, Juniper Research reported that cybercrimes will add up to $2 trillion in 2019. On top of that, Forbes Magazine is estimating that by 2021 that number will climb to $6 trillion. I’m tired of adding my money to that pile.

Like with home security, I’ve taken many, if not all, of the cyber/payment security steps recommended by experts:

• I don’t use my card at the gas pump to avoid potential skimmers.
• I change my account passwords often.
• I use the digital wallet on my iPhone to pay for nearly everything.
• I check on all of my account activity frequently.
• I don’t use the same passwords.
• I don’t give out any personal information over the phone.
• I do not open any emails or texts other than from people I trust.
• I only use “https” websites.

I’m completely willing to implement as many security layers as possible to keep my accounts and information secure. But, apparently, even if I take the steps above, along with other security measures, it’s not working. Either these cybersecurity experts are full of crap or there are some deeper problems. Or both?

From my vantage point as a consumer, I think there are two significant problems and both revolve around the old saying “you pay for what you get.”

Right now the financial services industry is functioning (or at least FIs are supposed to be) using the guidelines provided under the Gramm-Leach-Bliley Act of 1999. You remember 1999 … it was the year we all were swooning to “I Want it That Way” by the Backstreet Boys and shocked by the ending of The Sixth Sense. Yeah, our federal law requiring financial institutions to explain how they share and protect their customers’ private information was the year we all were “Livin’ la Vida Loca.”

We need an actual national data security standard for all financial institutions. NAFCU is wisely pushing for this all-encompassing security standard. In a Nov. 4 letter to the chair of the Senate Subcommittee on Crime and Terrorism Committee on the Judiciary, NAFCU Vice President of Legislative Affairs Brad Thaler wrote, “While depository institutions have had a national standard on data security since the passage of the Gramm-Leach-Bliley Act (GLBA) over two decades ago, other entities who handle consumer financial data do not have such a national standard. Unfortunately, this creates risk, as bad actors often target those companies who do not have high security standards.”

We need to properly staff to help fight off cybercrime. According to the 2019 ISC2 Cyber Security Workforce Study, there are about 2.8 million cybersecurity professionals on the job around the globe. The study points out that we need another four million “trained workers to close the skills gap and properly defend organizations.” The study does point out that in the U.S. we are short at least 500,000 skilled cybersecurity workers. It comes down to these two things:

1. We don’t have a national data security standard.
2. We don’t have nearly enough cybersecurity professionals.

I understand that everything can’t be a top priority. We need to fix thousands of crumbling bridges around the country. We have a student lending crisis. We have poverty and homelessness levels reaching new highs.

What credit unions can do concerning their members’ data security is get behind a tough set of national data security standards. It’s going to cost you, that’s for sure. In 10 years, it’s cost me more than $14,000 that I’ve had to plead my case to get back. I’m sick of it and you should be too.

Michael Ogden is editor-in-chief for CU Times. He can be reached at mogden@cutimes.com.